Since 2004, a source for ranting, reviews and InfoSec news

Menu

FBI Investigates the Cardinals

The FBI is investigating the St Louis Cardinals for a hack of the Houston Astros.

The Cardinals reviewed a “master list of passwords” to access the Houston prospect database. A former employee of the Cardinals now worked for Houston in setting up this system. The FBI tracked the unauthorized login to the home of Cardinals team officials.

source – NY Times. (if the link is paywalled, do a search on google to find the article or add a google refer to your request.)

This illustrates why password reuse is a problem. Additionally if passwords were routinely changed, even with an admin using the same password initially, they would be forced to change it to something else. One does wonder about this “master list of passwords”. I’m guessing these were service or admin account passwords rather than the organization knowing individual user passwords. At least I hope so.

One Comment

I’m not sure who should be blamed for this: the former Cardinal employee who used the list of passwords to access the account or the Cardinals team officials who made and kept a list of passwords. Either way, appropriate action should be taken against the offenders.